Hi Sebastian,
F.Audit Security function requiring security events to be logged is optional as noted in the PSA L2 PP [1].
As it is optional and there isn’t PSA Functional APIs defined for Audit logging, the service hasn’t been updated with IPC model or crypto binding etc.
The secure logging service supported in Library model may not satisfy requirements of audit logging.
Considering PSA L2 PP requires isolation level2 (F.Software_Isolation) and isolation level2 is supported only in IPC model, TF-M is expected to be built in IPC model for PSA L2 cert.
May I know if you ask about Audit logging for PSA Certified, or for an actual use scenario?
[1]
https://www.psacertified.org/app/uploads/2019/02/JSADEN002-PSA_Certified_Level_2_PP-1.1.pdf
Best regards,
Hu Ziji
From: TF-M <tf-m-bounces@lists.trustedfirmware.org>
On Behalf Of Bøe, Sebastian via TF-M
Sent: Wednesday, December 1, 2021 9:59 PM
To: tf-m@lists.trustedfirmware.org
Subject: [TF-M] IPC mode support for Audit log service
Hi,
for PSA Certification level 2 a log of significant security events is required. Which I assume
should be done with the Audit log service.
But the Audit log service does not support IPC mode.
Should PSA Certification level 2 be done with IPC mode or with library mode?